The Everest ransomware gang, a prolific group known for high-profile data extortion schemes, was dealt an unexpected blow this weekend. Their dark web leak site—typically used to publish stolen files from victims who refuse to pay ransoms. Was hacked and defaced.
In place of the gang’s usual ransom threats and data leaks. The site now displays a stark, sarcastic message: “Don’t do crime. CRIME IS BAD. xoxo from Prague.”
As of this writing, the defacement is still live. It remains unclear who is behind the hack or whether it involved a deeper breach of Everest’s systems. No confirmation has surfaced yet about whether internal data from the gang itself was compromised in the attack.
The Everest ransomware gang, believed to be based in Russia, has been linked to numerous cyberattacks since emerging in 2020. Notably, the group claimed responsibility for stealing sensitive information from NASA, Brazil’s federal systems. And over 420,000 customer records from cannabis retailer Stiiizy.
Despite ongoing global efforts to clamp down on ransomware operators, Everest remains active. Though this recent incident may shake their credibility in underground forums. The disruption comes at a time when the ransomware landscape is already in flux.
While attacks have surged in recent years, fewer victims are choosing to pay ransom demands, with 2024 data showing a decline in payments across industries. Many companies are now better prepared for attacks and more willing to risk public exposure than to fund criminal enterprises.
Law enforcement agencies have also made notable strides. In recent months, operations have targeted and disrupted major ransomware groups, including LockBit and Radar. In parallel, several gangs have faced internal leaks, betrayals, or retaliatory hacks—undermining the illusion of invincibility they once held.
The defacement of Everest’s leak site may be part of a growing trend of vigilante-style hacks or inter-gang rivalries, though attribution remains elusive. Whether it was the work of ethical hackers, rival cybercriminals, or even a disgruntled insider, one thing is clear: the hackers wanted to send a message—and they did so loud and clear.
With Everest still silent and their digital turf under someone else’s control, this rare turn of events adds another wrinkle to the increasingly unstable world of ransomware and cyber extortion.
